Search Images Maps Play YouTube News Gmail Drive More »
Sign in
Screen reader users: click this link for accessible mode. Accessible mode has the same essential features but works better with your reader.

Patents

  1. Advanced Patent Search
Publication numberUS7506155 B1
Publication typeGrant
Application numberUS 11/140,464
Publication dateMar 17, 2009
Filing dateMay 31, 2005
Priority dateJun 22, 2000
Fee statusPaid
Also published asUS6901519, US7979691, US8769258, US20090165138, US20110231669, US20140289857
Publication number11140464, 140464, US 7506155 B1, US 7506155B1, US-B1-7506155, US7506155 B1, US7506155B1
InventorsWalter Mason Stewart, Marcelo Carrera, Robert G. Hook
Original AssigneeGatekeeper Llc
Export CitationBiBTeX, EndNote, RefMan
External Links: USPTO, USPTO Assignment, Espacenet
E-mail virus protection system and method
US 7506155 B1
Abstract
A network is protected from e-mail viruses through the use of a sacrificial server. Any executable programs or other suspicious parts of incoming e-mail messages are forwarded to a sacrificial server, where they are converted to non-executable format such as Adobe Acrobat PDF and sent to the recipient. The sacrificial server is then checked for virus activity. After the execution is completed, the sacrificial server is rebooted.
Images(5)
Previous page
Next page
Claims(41)
1. A method for protecting a network from a virus contained in an e-mail message as executable code, the method comprising:
receiving the e-mail message;
converting the executable code from an executable format to a non-executable format by using an application-level process which retains an appearance, human readability, and semantic content of the e-mail message; and
forwarding the non-executable format to a recipient of the e-mail message.
2. The method of claim 1, wherein the executable code is contained in a body of the e-mail message.
3. The method of claim 2, wherein the executable code comprises a hypertext link, and wherein the converting comprises deactivating the hypertext link.
4. The method of claim 1, wherein the executable code is contained in an attachment in the e-mail message.
5. The method of claim 4, wherein the converting comprises:
forwarding the attachment from a gatekeeper server to a sacrificial server; and
converting the attachment to the non-executable format on the sacrificial server.
6. The method of claim 5, wherein the converting further comprises examining the sacrificial server for virus activity.
7. A method for protecting a network from a virus contained in an e-mail message as executable code, the method comprising:
receiving the e-mail message in a gatekeeper server;
converting the executable code from an executable format to a non-executable format; and
forwarding the non-executable format to a recipient of the e-mail message, wherein the executable code is contained in an attachment in the email message;
wherein the converting comprises:
forwarding the attachment from the gatekeeper server to a sacrificial server;
converting the attachment to the non-executable format on the sacrificial server;
examining the sacrificial server for virus activity; and
rebooting the sacrificial sever from a safe copy of an operating system obtained from a read-only device.
8. A method for protecting a network from a virus contained in an e-mail message as executable code, the method comprising:
receiving the e-mail message in a gatekeeper server;
converting the executable code from an executable format to a non-executable format; and
forwarding the non-executable format to a recipient of the e-mail message, wherein the executable code is contained in an attachment in the email message;
wherein the converting comprises:
forwarding the attachment from the gatekeeper server to a sacrificial server;
converting the attachment to the non-executable format on the sacrificial server;
examining the sacrificial server for virus activity; and
wherein communications between the gatekeeper server and the sacrificial server are authenticated using a challenge-and-response technique.
9. The method of claim 4, wherein the converting comprises:
maintaining a list of approved attachment types;
determining whether the attachment is of a type which is in the list of approved attachment types; and
if the attachment is not of a type which is in the list of approved attachment types, informing the recipient that a message containing a non-approved attachment has been received.
10. The method of claim 1, wherein the converting comprises:
maintaining a list of approved executable code;
determining whether the executable code is in the list of approved executable code; and
deactivating the executable code if the executable code is not in the list of approved executable code.
11. The method of claim 10, wherein:
the list of approved executable code includes information for determining whether the approved executable code has been altered; and
the converting further comprises:
determining whether the executable code has been altered; and
deactivating the executable code if the executable code has been altered.
12. The method of claim 11, wherein the determining whether the executable code has been altered is performed through an algorithmic technique.
13. The method of claim 12, wherein the algorithmic technique is a check-summing technique.
14. The method of claim 12, wherein the algorithmic technique is a hashing technique.
15. The method of claim 1, wherein the converting comprises:
forming a first copy and a second copy of at least a portion of the e-mail message containing the executable code;
executing the executable code in the first copy but not the second copy; and
after the executable code in the first copy has been executed, comparing the first copy to the second copy to determine an effect of the executable code.
16. A system for protecting a network from a virus contained in an e-mail message as executable code, the system comprising:
a workstation computer on the network used by a recipient of the e-mail message; and
a computer on the network for converting the executable code from an executable format to a non-executable format by using an application-level process which retains an appearance, human readability and semantic content of the e-mail message and forwarding the non-executable format to the recipient.
17. The system of claim 16, wherein the executable code is contained in a body of the e-mail message.
18. The system of claim 17, wherein the executable code comprises a hypertext link, and wherein the computer for converting deactivates the hypertext link.
19. The system of claim 16, wherein the executable code is contained in an attachment in the e-mail message.
20. The system of claim 16, wherein the computer for converting is a sacrificial server.
21. The system of claim 20, wherein the sacrificial server is examined for virus activity.
22. A system for protecting a network from a virus contained in an e-mail message as executable code, the system comprising:
a workstation computer on the network used by a recipient of the e-mail message;
a gatekeeper server, in communication with the workstation computer over the network, for receiving the e-mail message; and
a computer on the network for converting the executable code from an executable format to a non-executable format and forwarding the non-executable format to the workstation computer, wherein the computer for converting is a sacrificial server which is separate from the gatekeeper sever, wherein the sacrificial server is examined for virus activity, wherein the network further comprises a read-only device, and wherein the sacrificial server is rebooted from a safe copy of an operating system obtained from the read-only device.
23. A system for protecting a network from a virus contained in an e-mail message as executable code, the system comprising:
a workstation computer on the network used by a recipient of the e-mail message;
a gatekeeper server, in communication with the workstation computer over the network, for receiving the e-mail message; and
a computer on the network for converting the executable code from an executable format to a non-executable format and forwarding the non-executable format to the workstation computer, wherein the computer for converting is a sacrificial server which is separate from the gatekeeper sever, wherein the sacrificial server is examined for virus activity, wherein communications between the gatekeeper server and the sacrificial server are authenticated using a challenge-and-response technique.
24. The system of claim 16, wherein the network maintains a list of approved attachment types, determines whether the attachment is of a type which is in the list of approved attachment types, and, if the attachment is not of a type which is in the list of approved attachment types, informs the recipient that a message containing a non-approved attachment has been received.
25. The system of claim 16, wherein the network maintains a list of approved executable code, determines whether the executable code is in the list of approved executable code, and deactivates the executable code if the executable code is not in the list of approved executable code.
26. The system of claim 25, wherein:
the list of approved executable code includes information for determining whether the approved executable code has been altered;
the network determines whether the executable code has been altered; and
the executable code is deactivated if the executable code has been altered.
27. The system of claim 26, wherein the system determines whether the executable code has been altered through an algorithmic technique.
28. The system of claim 27, wherein the algorithmic technique is a check-summing technique.
29. The system of claim 27, wherein the algorithmic technique is a hashing technique.
30. The system of claim 16, wherein the computer for converting converts the executable code by:
forming a first copy and a second copy of at least a portion of the e-mail message containing the executable code;
executing the executable code in the first copy but not the second copy; and
after the executable code in the first copy has been executed, comparing the first copy to the second copy to determine an effect of the executable code.
31. A sacrificial server for use on a network, the sacrificial server comprising:
communication means for receiving an e-mail attachment from the network; and
processing means for converting the e-mail attachment from an executable format to a non-executable format by using an application-level process which retains an appearance, human readability and semantic content of the e-mail message and for returning the e-mail attachment to the network.
32. The sacrificial server of claim 31, wherein the sacrificial server is examined for virus activity.
33. The sacrificial server of claim 32, wherein the sacrificial server further comprises a read-only device and is rebooted from a safe copy of an operating system obtained from the read-only device.
34. The sacrificial server of claim 31, wherein communications between the network and the sacrificial server are authenticated using a challenge-and-response technique.
35. The sacrificial server of claim 31, wherein the sacrificial server stores a list of approved attachment types, determines whether the attachment is of a type which is in the list of approved attachment types, and, if the attachment is not of a type which is in the list of approved attachment types, informs the network that a message containing a non-approved attachment has been received.
36. The sacrificial server of claim 31, wherein the sacrificial server maintains a list of approved executable code, determines whether the attachment contains executable code and whether the executable code is in the list of approved executable code, and deactivates the executable code if the executable code is not in the list of approved executable code.
37. The sacrificial server of claim 36, wherein:
the list of approved executable code includes information for determining whether the approved executable code has been altered;
if the executable code is in the list of approved executable code, the sacrificial server determines whether the executable code has been altered; and
the executable code is deactivated if the executable code has been altered.
38. The sacrificial server of claim 32, wherein the sacrificial server determines whether the executable code has been altered through the use of an algorithmic technique.
39. The sacrificial server of claim 38, wherein the algorithmic technique is a check-summing technique.
40. The sacrificial server of claim 38, wherein the algorithmic technique is a hashing technique.
41. The sacrificial server of claim 31, wherein the processing means converts the executable code by:
forming a first copy and a second copy of at least a portion of the e-mail message containing the executable code;
executing the executable code in the first copy but not the second copy; and
after the executable code in the first copy has been executed, comparing the first copy to the second copy to determine an effect of the executable code.
Description
REFERENCE TO RELATED APPLICATION

The present application is a continuation of U.S. patent application Ser. No. 09/704,790, filed Nov. 3, 2000, now U.S. Pat. No. 6,901,519, which claims the benefit of U.S. Provisional Application No. 60/213,254, filed Jun. 22, 2000. The disclosures of both of those applications are hereby incorporated by reference in their entireties into the present disclosure.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates generally to computer systems and computer networks. In particular, the present invention relates to a system and method for detecting and nullifying the effects of computer viruses. Still more particularly, the present invention relates to a system and method for detecting and nullifying the effects of computer viruses from messages and attachments delivered by electronic mail through a network.

2. Description of the Related Art

Computer viruses are a destructive aspect of the computer revolution that threatens its potential growth and usability. Significant time and money are lost annually combating the effects of this insidious, and seemingly endemic, problem. A computer virus is actually just an unauthorized block of executable computer code purporting to be harmless or is hidden in another valid computer program. Once the valid program is executed, the unauthorized virus code is also activated. The effect of such viruses can be simple pranks, such as causing messages to be displayed on the screen, or more serious activities, such as destroying programs and data. Once executed, they often spread quickly by attaching themselves to other programs in the system. Infected programs may in turn continue the cancerous replication by copying the virus code to still other programs. The proliferation of Internet E-mail has only accelerated the problem in that local viruses can now spread internationally in a matter of hours.

Prior art attempts to reduce the effects of viruses and prevent their proliferation by using various virus detection schemes have been only marginally successful. The reason for the limited success is that the prior art methods attempt to identify the existence of a virus before taking steps to protect a user. For example, many virus detection programs use a method known as “behavior interception,” which monitors the computer or system for key system functions such as “write,” “erase,” “format disk,” etc. When such operations occur, the virus detection program prompts the user for input as to whether such an operation is expected. If the suspect operation was not expected (e.g., the user was not operating any program that employed such a function), the user can abort the operation. Another virus detection method, known as “signature scanning,” scans program code that is being copied onto the system. Again, the virus detector searches for recognizable patterns of program code, such as the program attempting to write into specific file or memory locations, that betray the possible existence of a virus. Yet another prior art approach to virus detection performs a checksum (mathematical signature) on critical programs stored on a system that are known to be free of viruses. If a virus later attaches itself to one of these programs, the checksum value—which is periodically recalculated—will be different and thus, the presence of a virus detected.

While all of these methods work to some degree, they tend to suffer from one critical drawback: They depend on recognizing the virus as a virus before instituting any protection for the user. All too often, new (unrecognized) viruses must first wreak havoc on a significant number of victims before the new virus' identifying characteristics are recognized and included in the (ever-lengthening) watch lists of the various virus protection programs available to government and industry.

SUMMARY OF THE INVENTION

The present invention overcomes the limitations of the prior art by implementing a system and method that eliminates the threat of viruses transmitted on a computer network by rendering any viruses inoperable. As discussed above, all viruses are programs. Like all programs, they are designed to run in a specific or predictable environment. Viruses depend on a host computer's operating system to recognize them as valid programs. They also depend on the host computer's central processing unit (CPU) to understand the virus' commands and obey them. Non executable entities are, by nature, incapable of launching a virus. Therefore, if a host computer converts all data received via e-mail (mail and attachments) to non-executable entities, any embedded virus is rendered inoperable. The present invention describes a method and system of virus protection that involves passing all e-mail and attachments through various conversion states that, while harmless to e-mail text and attachments, the conversions are lethal to executable code (viruses).

Even though the majority of e-mail received by a company or government agency should contain no valid executable components, a small percentage of e-mail attachments, such as “working drafts,” and standard contract templates may require user updating or valid executable macros. Therefore, the present invention also describes a system and method of identifying “Approved” embedded macros and—as long as they have not been modified—allowing them to survive the virus killing conversions.

Finally, the present invention also includes a unique “sacrificial PC” system and method capable of safely executing, detecting (via examination of the results of execution), and safely recovering from potentially virus-laden e-mails.

BRIEF DESCRIPTION OF THE DRAWINGS

A preferred embodiment will be set forth in detail with reference to the drawings, in which:

FIG. 1 shows a block diagram of an e-mail gatekeeper system;

FIGS. 2 and 2A show a flow chart of operations carried out in the e-mail gatekeeper system; and

FIG. 3 shows a flow chart of operations carried out by a sacrificial processor.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

Though not essential to every embodiment of this invention, the preferred embodiment makes use of the following concepts and principles:

    • 1. Recipients of e-mails are ultimately more qualified to determine what information is acceptable than a generalized software program or system
    • 2. If given an opportunity, a user can clearly define which e-mail types and attachments he or she does or does not wish to receive.
    • 3. The ability of users to accept macros and other forms of executable code commonly used in modern computer generated business forms and templates must be maintained.
    • 4. All information is potentially important to a user. Therefore, software systems, including security programs, should not arbitrarily delete or withhold e-mail content without specific knowledge and authorization of the owner of the e-mail system.
    • 5. The value of information tends to decrease over time. Therefore, information contained in e-mails should not be unreasonably delayed.

The gatekeeper method and system described herein operate under the following rules and definitions:

  • 1. Any macro or executable code that alters the physical appearance of an e-mail or attachment is considered by the gatekeeper to be a customized form.
  • 2. All customized forms requiring user input must be authorized by the owner of the e-mail system.

In an effort to provide recipients with all of the contents of all e-mails and attachments (not prohibited by the owner of the e-mail system) all unauthorized form will be executed; however, the form's output (not the form itself) will be delivered to the user in a “safe” non-executable format.

The Gatekeeper method and system described defines and ability to authorize and authenticate all forms.

The virus detection system and method of the present invention preferably operates on a system as depicted in FIG. 1.

An intermediary E-mail security server (102), referred to as “the Gatekeeper” intercepts all e-mail messages and attachments sent by a sender (101) via a communications network, such as the Internet (109). The arriving unopened e-mail and attachments are archived and logged (202) with a date and time stamp, plus any routing information available. Address data is then stripped off of the e-mail (204) for attachment to the “safe” e-mail constructed at (210). The e-mail portion of the Internet e-mail received from (201) is passed through a conversion process (205) that eliminates all executable code leaving only alphanumeric message text. Any imbedded hyperlinks or email addresses, while still identifiable as links or addresses, are rendered inoperable as executable “links.” The Gatekeeper (102) then checks to see if the arriving e-mail contains an attachment (206). If the e-mail contains no attachment, processing continues at step (210).

If the e-mail contains an attachment, the attachment types (extensions) are validated against several lists provided by the client during the installation process. The e-mail attachment type is first checked against a list of client approved acceptable file extensions. If the attachment extension is not in the approved list, it is considered either disapproved or unknown. (212). If the attachment extension type is found in the disapproved list, a message is constructed indicating that “this e-mail contains a disapproved attachment.” The disapproval message is included in the safe e-mail constructed in step (210).

If the e-mail contains an attachment with an extension that is not in either the “disapproved” or “approved” lists, the entire attachment is passed through a conversion process (205) that eliminates all executable code leaving only alphanumeric message text. This process will generally create a readable copy of the attachment, but will not allow the attachment to open any processes or applications, including executable virus code. If the included attachment from (206) is of an approved extension type, attachment inspection processing continues at (208), which checks the approved attachment extension to see if it contains any executable code (macros). This process involves reading the attachment file's internal format and identifying any executable code, such as macros that may be present. Any executable code found is noted and identified for authentication (209). An encrypted authentication identifier is created for the executable code by passing it through an algorithm such as, a checksum or hashing algorithm (213), that uniquely identifies the string of executable code. The unique identifier is then encrypted using a key known only to the Gatekeeper program or server. The authentication identifier is then compared to a list of approved code contained by the Gatekeeper and supplied by the Client (216). Since this system and method described validates only the executable code (macros), the non-executable data portion of the attachment can safely be changed or updated interactively. If the attachment contains approved macros, the original attachment is made available to the recipient. If the attachments contain unapproved macros, the attachment is forwarded to an available sacrificial PC processor (103) via data link (108) for conversion to a non-executable format and further detailed virus testing. The method just described for detecting, authenticating, and approving a macro can be used to authenticate and approve any form of executable code embedded in an attachment or in the body of an e-mail message. Such code can include compiled programs, interpretive code, scripts, batch language, markup language code, or the like located in any part of the e-mail message, including the body and the attachments.

Sacrificial PC processing begins with the original e-mail attachment being passed to an available sacrificial PC (105) via a data link (108) connecting the Gatekeeper server (102) with the sacrificial PC. Once the transfer of the attachment is complete the data link (108) is intentionally broken. This eliminates the possibility of any unintended communications back to the Gatekeeper. The original attachment is then opened using standard Windows application processing supplied by the client (303). The opened attachment is then passed through a process (304) which converts the attachment to a non-executable image format, such as Portable Document Format (PDF). Note there are many suitable image formats. The process would choose one selected by the client. The safe image format version of the attachment is then encrypted in the sacrificial PC's unique authentication key assigned by the Gatekeeper at startup. The data link (108) to the Gatekeeper is then re-established (306) and the encrypted non-executable attachment is returned to the Gatekeeper (307).

All communications from a sacrificial PC to the Gatekeeper are interrogated by the Gatekeeper's communications processor (220). Before being accepted by the Gatekeeper as a valid message, the data must pass a strict authentication test (219). The authentication process is as follows.

At System startup (and periodically, if desired) the Gatekeeper creates a randomly generated set of authentication parameters to be used by each sacrificial PC when communicating with the Gatekeeper. When a sacrificial PC wants to communicate with the Gatekeeper it first sends a handshake packet to the Gatekeeper identifying the specific PC requesting communication. It also sends a short (unencrypted) clear-text portion of the data to be communicated encapsulated within the handshake packet.

Once the Gatekeeper acknowledges the handshake, the sacrificial PC sends the full information packet to the Gatekeeper. A random amount of the packet has been encrypted in the sacrificial PC's unique key. The specific amount of data encrypted by the sacrificial PC was determined by one of the authentication parameters sent by the Gatekeeper at startup. The Gatekeeper decrypts all data packets it receives based on the assumed key of the specific sacrificial PC. In other words, “If you are who you say you are, you encrypted your data in the following way.” Once decrypted, the Gatekeeper compares the clear text portion of the data received in the handshake packet with the decrypted data packet (219). If they match, the data is accepted; if they do not, the data is not accepted. The authentication technique is based on known “challenge and response” authentication techniques.

Once the sacrificial PC has sent the read only “safe” attachment back to the Gatekeeper, a special validation process examines the sacrificial PC to determine if any unexpected changes have occurred (308) and (309) on the sacrificial PC. Unexpected changes could include the addition or deletion of files, files that change name, extension, or content unexpectedly, (including morphing of the tested attachment itself), attempted sensing of the date and time features of the sacrificial PC, etc.

Also, when the opportunity is available, as with attachments created using the Microsoft suite of office products, the sacrificial PC processor takes advantage of the “Enable Macros” “Disable Macros” feature. This built-in feature makes it possible to open a document without allowing any embedded code (macros) to execute. Two copies of the same document can then be created, one created with macros executed and one created without macros executed. The two copies of the same document can then be examined to determine if executing the macro had any effect on the information content of the document. By comparing the two documents, the sacrificial PC can determine whether or not the macro is relevant to the particular document being tested.

If execution of the macro was necessary to produce the information contained in the tested document, then the macro's contribution is contained in the print image copy of the document produced by the sacrificial PC when it executed the document with macros enabled. This is the copy that is sent to the recipient.

Similarly, if testing the document with “macros disabled” has no impact on the content of the document, then the suspect macro is not necessary. It logically follows then, that the suspect macro is either irrelevant to the content the particular version of the document being tested or, it is a virus. In either case, the sacrificial PC has intercepted and nullified the suspect macro's impact on the recipient.

Any unexpected changes in the system trigger a virus alert. Standard user security processes alert all authorized personnel (309). A special “ghosting” reload of the operating system then takes place. The process is as follows.

Each Sacrificial PC is configured with two hard drives. Each hard drive is configured with a single active partition and contains a safe copy of the operating system obtained from the read-only device (110). The designated active partition—defined at start-up—is “toggled” between the two physical hard drives. This is done to increase the speed of reloading and to maximize the availability of sacrificial PCs. The unused drive—which is the one used to test the last attachment—is re-loaded, via ghosting software (310), with a fresh copy of the operating system obtained from the read only CD ROM (110). The connection between the Gatekeeper (102) and the sacrificial PC (105) is then re-established.

Once the sacrificial PC is re-ghosted, it is brought back on line and the GateKeeper assigns it a new authentication Key and encryption length parameter.

Once the Gatekeeper sends data to a sacrificial PC, it notes the time the data was sent. If no data is received back from a sacrificial PC within a specified period of time (typically two minutes), the Gatekeeper assumes the sacrificial PC has become the victim of a virus and died. When this occurs, the Gatekeeper signals a virus alert and requests human intervention to recover the dead sacrificial PC.

The method and system described above can also be implemented with the sacrificial PC implemented as a virtual machine or environment in the operating system of another computer. This computer could be the gatekeeper, an e-mail server or any other computer.

The method and system described above also be implemented with the gatekeeper system implemented as part of another system, such as a component of an already existing e-mail server.

The gatekeeper system and method described uses the file and macro authentication and encrypted client approval techniques described above to protect itself from both internal and external “hacking” attacks that may attempt to substitute, modify, destroy or otherwise nullify gatekeeper files and programs.

While a preferred embodiment has been set forth in detail above, those skilled in the art who have reviewed the present disclosure will readily appreciate that other embodiments can be realized within the scope of the invention. For example, the use of certain hardware, operating systems, or the like should be construed as illustrative rather than limiting. Therefore, the present invention should be construed as limited only by the appended claims.

Patent Citations
Cited PatentFiling datePublication dateApplicantTitle
US5623600Sep 26, 1995Apr 22, 1997Trend Micro, IncorporatedVirus detection and removal apparatus for computer networks
US5740370Mar 27, 1996Apr 14, 1998Clinton BattersbySystem for opening cache file associated with designated file of file server only if the file is not subject to being modified by different program
US5832208Sep 5, 1996Nov 3, 1998Cheyenne Software International Sales Corp.Anti-virus agent for use with databases and mail servers
US5842002May 30, 1997Nov 24, 1998Quantum Leap Innovations, Inc.Computer virus trap
US5889943Mar 29, 1996Mar 30, 1999Trend Micro IncorporatedApparatus and method for electronic mail virus detection and elimination
US5918054Nov 6, 1996Jun 29, 1999Ncr CorporationDistributed electronic performance support systems
US5940614Apr 18, 1991Aug 17, 1999International Business Machines CorporationHypertext control method and apparatus for displaying help information in an interactive data processing system
US6026502Jan 27, 1998Feb 15, 2000Wakayama; HironoriMethod and mechanism for preventing from invading of computer virus and/or hacker
US6092194Nov 6, 1997Jul 18, 2000Finjan Software, Ltd.System and method for protecting a computer and a network from hostile downloadables
US6094731Nov 9, 1998Jul 25, 2000Symantec CorporationAntivirus accelerator for computer networks
US6170055Nov 3, 1997Jan 2, 2001Iomega CorporationSystem for computer recovery using removable high capacity media
US6185678 *Oct 2, 1998Feb 6, 2001Trustees Of The University Of PennsylvaniaSecure and reliable bootstrap architecture
US6192477Feb 2, 1999Feb 20, 2001Dagg LlcMethods, software, and apparatus for secure communication over a computer network
US6253324 *Dec 23, 1997Jun 26, 2001Microsoft CorporationServer verification of requesting clients
US6311273Jul 6, 1999Oct 30, 2001Walter A. Helbig, Sr.Method and apparatus for enhancing computer system security
US6377691 *Dec 9, 1996Apr 23, 2002Microsoft CorporationChallenge-response authentication and key exchange for a connectionless security protocol
US6401210Sep 23, 1998Jun 4, 2002Intel CorporationMethod of managing computer virus infected files
US6487664Nov 24, 1998Nov 26, 2002E-Com Defense, Inc.Processes and systems for secured information exchange using computer hardware
US6487994 *Jan 24, 2001Dec 3, 2002Supercritical Combustion CorporationSub-critical water-fuel composition and combustion system
US6901519 *Nov 3, 2000May 31, 2005Infobahn, Inc.E-mail virus protection system and method
US20020035696Jun 7, 2001Mar 21, 2002Will ThackerSystem and method for protecting a networked computer from viruses
JP2000029799A Title not available
JPH11167533A Title not available
JPH11252158A Title not available
Non-Patent Citations
Reference
1"CERT(R) Advisory CA-1999-04 Melissa Macro Virus," http://www.cert.org/advisories/CA-1999-04.html.
2"CERT(R) Advisory CA-2000-04 Love Letter Worm," http://www.cert.org/advisories/CA-2000-04.html.
3"Declude Virus," http://www.declude.com/virus/index.html, (C) 2000-2002 Computerized Horizons.
4"ViruSafe FireWall 1.5 Software Plus-in Blocks Viruses, Vandals," http://www.cryptosoft.com/snews/feb98/16029806.htm.
5"ViruSafe(TM) FireWall," http://www.Bristol.de/virusafe2.html, no date on record.
6Brown, Reader Response Reveals e-mail hoax, Mar. 1998, Roanoke Times & World New start p. A5.
7Cornetto, Advances in Web Technology cause e-mail client problems, Aug. 1998, InfoWorld, vol. 20, p. 13.
8Horwitt, Communication Software: 104 Packages to get you on line, Nov. 1983, Business Computer Systems, vol. 2, abstract.
9Microsoft, Microsoft Computer Dictionary, 1997, Microsoft Press, 3rd Edition, p. 173.
10Microsoft, Microsoft Press Computer Dictionary, 1997, Microsoft Press, 3rd Sup. Edition, p. 141.
11Newton, Newton's Telecom Dictionary, 1998, Telecom Books, 14.sup.th Edition, pp. 334-335.
12Rad, Virus threat bytes computer users, Aug. 1998, Houston Chronicle.com, start p. 6.
13U.S. Appl. No. 11/650,561 entitled "Computer network virus protection system and method", inventors Walter Stewart et al., filed Jan. 9, 2007.
14U.S. Appl. No. 11/971,754 entitled "Computer Network Virus Protection System and Method", inventors Walter Stewart et al., filed Jan. 9, 2008.
Referenced by
Citing PatentFiling datePublication dateApplicantTitle
US7979691Jul 12, 2011Intellectual Ventures I LlcComputer virus protection
US8321791Jul 13, 2009Nov 27, 2012Mcafee, Inc.Indicating website reputations during website manipulation of user information
US8327439Jul 11, 2011Dec 4, 2012Mcafee, Inc.System, method and computer program product for identifying functions in computer code that control a behavior thereof when executed
US8332929Dec 11, 2012Mcafee, Inc.Method and apparatus for process enforced configuration management
US8341693Dec 25, 2012Mcafee, Inc.Enterprise-wide security system for computer devices
US8352930Jan 8, 2013Mcafee, Inc.Software modification by group to minimize breakage
US8358844Jan 22, 2013Mcafee, Inc.System, method, and computer program product for determining whether text within an image includes unwanted data, utilizing a matrix
US8370928Jan 26, 2006Feb 5, 2013Mcafee, Inc.System, method and computer program product for behavioral partitioning of a network to detect undesirable nodes
US8370941Feb 5, 2013Mcafee, Inc.Rootkit scanning system, method, and computer program product
US8381284Aug 21, 2009Feb 19, 2013Mcafee, Inc.System and method for enforcing security policies in a virtual environment
US8392994Mar 28, 2011Mar 5, 2013Mcafee, Inc.System, method and computer program product for context-driven behavioral heuristics
US8392998Mar 5, 2013Mcafee, Inc.Uniquely identifying attacked assets
US8406523Dec 7, 2005Mar 26, 2013Mcafee, Inc.System, method and computer program product for detecting unwanted data using a rendered format
US8411684Oct 26, 2009Apr 2, 2013Mcafee, Inc.System, method, and computer program product for determining a hop count between network devices utilizing a binary search
US8429545Aug 10, 2007Apr 23, 2013Mcafee, Inc.System, method, and computer program product for presenting an indicia of risk reflecting an analysis associated with search results within a graphical user interface
US8438499May 7, 2013Mcafee, Inc.Indicating website reputations during user interactions
US8446607May 21, 2013Mcafee, Inc.Method and system for policy based monitoring and blocking of printing activities on local and network printers
US8447722May 21, 2013Mcafee, Inc.System and method for data mining and security policy management
US8448221Mar 12, 2010May 21, 2013Mcafee, Inc.System, method, and computer program product for displaying network events in terms of objects managed by a security appliance and/or a routing device
US8458789Mar 9, 2006Jun 4, 2013Mcafee, Inc.System, method and computer program product for identifying unwanted code associated with network communications
US8458794Jun 4, 2013Mcafee, Inc.System, method, and computer program product for determining whether a hook is associated with potentially unwanted activity
US8463800Jun 11, 2013Mcafee, Inc.Attributes of captured objects in a capture system
US8468256Jul 2, 2007Jun 18, 2013Mcafee, Inc.Automatically configuring a computer firewall based on network connection
US8473442Feb 25, 2009Jun 25, 2013Mcafee, Inc.System and method for intelligent state management
US8479297Nov 23, 2010Jul 2, 2013Mcafee, Inc.Prioritizing network assets
US8484295Dec 21, 2005Jul 9, 2013Mcafee, Inc.Subscriber reputation filtering method for analyzing subscriber activity and detecting account misuse
US8484327Nov 7, 2007Jul 9, 2013Mcafee, Inc.Method and system for generic real time management of devices on computers connected to a network
US8484703May 12, 2009Jul 9, 2013Mcafee, Inc.Systems and methods for delegation and notification of administration of internet access
US8484725Oct 26, 2005Jul 9, 2013Mcafee, Inc.System, method and computer program product for utilizing a threat scanner for performing non-threat-related processing
US8484753Dec 2, 2009Jul 9, 2013Mcafee, Inc.Hooking nonexported functions by the offset of the function
US8495386Apr 5, 2011Jul 23, 2013Mcafee, Inc.Encryption of memory device with wear leveling
US8495700Feb 28, 2006Jul 23, 2013Mcafee, Inc.Mobile data security system and methods
US8495745Nov 30, 2009Jul 23, 2013Mcafee, Inc.Asset risk analysis
US8495747Mar 31, 2010Jul 23, 2013Mcafee, Inc.Prioritizing asset remediations
US8499337Oct 6, 2005Jul 30, 2013Mcafee, Inc.Systems and methods for delegation and notification of administration of internet access
US8499351Dec 17, 2009Jul 30, 2013Mcafee, Inc.Isolated security monitoring system
US8503717Dec 19, 2011Aug 6, 2013Mcafee, Inc.Detection of spam images
US8504537Mar 24, 2006Aug 6, 2013Mcafee, Inc.Signature distribution in a document registration system
US8504622Nov 5, 2007Aug 6, 2013Mcafee, Inc.System, method, and computer program product for reacting based on a frequency in which a compromised source communicates unsolicited electronic messages
US8510839Mar 28, 2011Aug 13, 2013Mcafee, Inc.Detecting malware carried by an E-mail message
US8515075Jan 29, 2009Aug 20, 2013Mcafee, Inc.Method of and system for malicious software detection using critical address space protection
US8516377Sep 15, 2012Aug 20, 2013Mcafee, Inc.Indicating Website reputations during Website manipulation of user information
US8520512Jul 31, 2006Aug 27, 2013Mcafee, Inc.Network appliance for customizable quarantining of a node on a network
US8521891Jun 21, 2007Aug 27, 2013Mcafee, Inc.Network browser system, method, and computer program product for conditionally loading a portion of data from a network based on a data transfer rate
US8522199Feb 26, 2010Aug 27, 2013Mcafee, Inc.System, method, and computer program product for applying a regular expression to content based on required strings of the regular expression
US8522318Sep 10, 2010Aug 27, 2013Mcafee, Inc.Enabling dynamic authentication with different protocols on the same port for a switch
US8527978Mar 31, 2008Sep 3, 2013Mcafee, Inc.System, method, and computer program product for populating a list of known wanted data
US8528089Dec 19, 2006Sep 3, 2013Mcafee, Inc.Known files database for malware elimination
US8528092Mar 8, 2012Sep 3, 2013Mcafee, Inc.System, method, and computer program product for identifying unwanted activity utilizing a honeypot device accessible via VLAN trunking
US8539063Aug 29, 2003Sep 17, 2013Mcafee, Inc.Method and system for containment of networked application client software by explicit human input
US8539563May 24, 2011Sep 17, 2013McAfee (Singapore) Pte, Ltd.Non-obtrusive security system for devices
US8539583Nov 3, 2009Sep 17, 2013Mcafee, Inc.Rollback feature
US8544003Dec 11, 2009Sep 24, 2013Mcafee, Inc.System and method for managing virtual machine configurations
US8548170May 25, 2004Oct 1, 2013Mcafee, Inc.Document de-registration
US8549003Sep 12, 2010Oct 1, 2013Mcafee, Inc.System and method for clustering host inventories
US8549546Nov 15, 2010Oct 1, 2013Mcafee, Inc.Method and system for containment of usage of language interfaces
US8549611Jul 19, 2011Oct 1, 2013Mcafee, Inc.Systems and methods for classification of messaging entities
US8549635Apr 1, 2012Oct 1, 2013Mcafee, Inc.Malware detection using external call characteristics
US8554774Sep 1, 2010Oct 8, 2013Mcafee, Inc.System and method for word indexing in a capture system and querying thereof
US8554903Oct 23, 2007Oct 8, 2013Vadarro Services Limited Liability CompanyNetwork appliance for vulnerability assessment auditing over multiple networks
US8555374Jun 24, 2011Oct 8, 2013Mcafee, Inc.High performance packet processing using a general purpose processor
US8555389Aug 8, 2011Oct 8, 2013Mcafee, Inc.Integrated firewall, IPS, and virus scanner system and method
US8555404May 18, 2006Oct 8, 2013Mcafee, Inc.Connectivity-based authorization
US8560521Jun 16, 2011Oct 15, 2013Mcafee, Inc.System, method, and computer program product for processing a prefix tree file utilizing a selected agent
US8560534Jan 27, 2009Oct 15, 2013Mcafee, Inc.Database for a capture system
US8560614Nov 29, 2006Oct 15, 2013Mcafee, Inc.Scanner-driven email message decomposition
US8561051Dec 22, 2010Oct 15, 2013Mcafee, Inc.Solidifying the executable software set of a computer
US8561082Oct 13, 2010Oct 15, 2013Mcafee, Inc.Method and system for containment of usage of language interfaces
US8561167Jan 24, 2007Oct 15, 2013Mcafee, Inc.Web reputation scoring
US8561175Feb 13, 2004Oct 15, 2013Preventsys, Inc.System and method for automated policy audit and remediation management
US8561198May 7, 2010Oct 15, 2013Mcafee, Inc.Detection of malicious system calls
US8565726Nov 6, 2009Oct 22, 2013Mcafee, Inc.System, method and device for mediating connections between policy source servers, corporate repositories, and mobile devices
US8566726Jan 26, 2006Oct 22, 2013Mcafee, Inc.Indicating website reputations based on website handling of personal information
US8566942Sep 23, 2009Oct 22, 2013Mcafee, Inc.System, method, and computer program product for tracking the migration of objects to determine whether to perform a network based check
US8572014Oct 16, 2009Oct 29, 2013Mcafee, Inc.Pattern recognition using transition table templates
US8572676Nov 6, 2009Oct 29, 2013Mcafee, Inc.System, method, and device for mediating connections between policy source servers, corporate repositories, and mobile devices
US8572732Feb 27, 2012Oct 29, 2013Mcafee, Inc.System, method, and computer program product for enabling communication between security systems
US8578051Aug 16, 2010Nov 5, 2013Mcafee, Inc.Reputation based load balancing
US8578480Jun 9, 2006Nov 5, 2013Mcafee, Inc.Systems and methods for identifying potentially malicious messages
US8583792Feb 13, 2012Nov 12, 2013Mcafee, Inc.Probe election in failover configuration
US8589503Apr 2, 2009Nov 19, 2013Mcafee, Inc.Prioritizing network traffic
US8590002Nov 29, 2006Nov 19, 2013Mcafee Inc.System, method and computer program product for maintaining a confidentiality of data on a network
US8595822Dec 29, 2011Nov 26, 2013Mcafee, Inc.System and method for cloud based scanning for computer vulnerabilities in a network environment
US8595845 *Jan 19, 2012Nov 26, 2013Mcafee, Inc.Calculating quantitative asset risk
US8601067Apr 30, 2007Dec 3, 2013Mcafee, Inc.Electronic message manager system, method, and computer scanning an electronic message for unwanted content and associated unwanted sites
US8601094Jun 6, 2012Dec 3, 2013Mcafee, Inc.Method and computer program product utilizing multiple UDP data packets to transfer a quantity of data otherwise in excess of a single UDP packet
US8601160Feb 9, 2006Dec 3, 2013Mcafee, Inc.System, method and computer program product for gathering information relating to electronic content utilizing a DNS server
US8601451Aug 29, 2007Dec 3, 2013Mcafee, Inc.System, method, and computer program product for determining whether code is unwanted based on the decompilation thereof
US8601537Mar 19, 2012Dec 3, 2013Mcafee, Inc.System and method for data mining and security policy management
US8606910Dec 15, 2011Dec 10, 2013Mcafee, Inc.Prioritizing network traffic
US8613006Dec 15, 2011Dec 17, 2013Mcafee, Inc.System, method, and computer program product for terminating a hidden kernel process
US8613093Aug 15, 2007Dec 17, 2013Mcafee, Inc.System, method, and computer program product for comparing an object with object enumeration results to identify an anomaly that at least potentially indicates unwanted activity
US8615502Apr 20, 2009Dec 24, 2013Mcafee, Inc.Method of and system for reverse mapping vnode pointers
US8615582Feb 15, 2012Dec 24, 2013Mcafee, Inc.System and method for network vulnerability detection and reporting
US8621008Apr 26, 2007Dec 31, 2013Mcafee, Inc.System, method and computer program product for performing an action based on an aspect of an electronic mail message thread
US8621060Feb 15, 2012Dec 31, 2013Mcafee, Inc.System and method for network vulnerability detection and reporting
US8621077Sep 21, 2001Dec 31, 2013Mcafee, Inc.Distribution of security policies for small to medium-sized organizations
US8621559May 1, 2012Dec 31, 2013Mcafee, Inc.Adjusting filter or classification control settings
US8621638May 16, 2011Dec 31, 2013Mcafee, Inc.Systems and methods for classification of messaging entities
US8627099Aug 1, 2005Jan 7, 2014Mcafee, Inc.System, method and computer program product for removing null values during scanning
US8627443Mar 29, 2012Jan 7, 2014Mcafee, Inc.Network adapter firewall system and method
US8627458Jan 13, 2004Jan 7, 2014Mcafee, Inc.Detecting malicious computer program activity using external program calls with dynamic rule sets
US8627462May 10, 2010Jan 7, 2014Mcafee, Inc.Token processing
US8627466Sep 26, 2011Jan 7, 2014Mcafee, Inc.Alert message control of security mechanisms in data processing systems
US8631124Jun 27, 2011Jan 14, 2014Mcafee, Inc.Network analysis system and method utilizing collected metadata
US8635661Dec 22, 2004Jan 21, 2014Mcafee, Inc.System and method for enforcing a security policy on mobile devices using dynamically generated security profiles
US8635690Jan 25, 2008Jan 21, 2014Mcafee, Inc.Reputation based message processing
US8635706Mar 16, 2012Jan 21, 2014Mcafee, Inc.System and method for data mining and security policy management
US8640237Aug 8, 2011Jan 28, 2014Mcafee, Inc.Integrated firewall, IPS, and virus scanner system and method
US8645478 *Dec 10, 2009Feb 4, 2014Mcafee, Inc.System and method for monitoring social engineering in a computer network environment
US8646089Oct 18, 2011Feb 4, 2014Mcafee, Inc.System and method for transitioning to a whitelist mode during a malware attack in a network environment
US8650200Jun 21, 2011Feb 11, 2014Mcafee, Inc.System, method, and computer program product for identifying objects as at least potentially unwanted based on strings of symbols
US8650287Apr 27, 2011Feb 11, 2014Mcafee, Inc.Local reputation to adjust sensitivity of behavioral detection system
US8650638Oct 18, 2011Feb 11, 2014Mcafee, Inc.System and method for detecting a file embedded in an arbitrary location and determining the reputation of the file
US8655959Jan 3, 2008Feb 18, 2014Mcafee, Inc.System, method, and computer program product for providing a rating of an electronic message
US8656039Jun 8, 2004Feb 18, 2014Mcafee, Inc.Rule parser
US8656502Apr 4, 2002Feb 18, 2014Mcafee, Inc.Controlling use of a computer program installed on a computer
US8661102Nov 28, 2005Feb 25, 2014Mcafee, Inc.System, method and computer program product for detecting patterns among information from a distributed honey pot system
US8661126Feb 10, 2012Feb 25, 2014Mcafee, Inc.System and method for network vulnerability detection and reporting
US8667121Mar 25, 2009Mar 4, 2014Mcafee, Inc.System and method for managing data and policies
US8667582Dec 10, 2007Mar 4, 2014Mcafee, Inc.System, method, and computer program product for directing predetermined network traffic to a honeypot
US8671087Dec 5, 2011Mar 11, 2014Mcafee, Inc.System, method and computer program product for scanning and indexing data for different purposes
US8671181Oct 6, 2009Mar 11, 2014Mcafee, Inc.Host entry synchronization
US8671439Jul 23, 2009Mar 11, 2014Intel CorporationTechniques for authenticated posture reporting and associated enforcement of network access
US8677487Oct 18, 2011Mar 18, 2014Mcafee, Inc.System and method for detecting a malicious command and control channel
US8677497Dec 28, 2011Mar 18, 2014Mcafee, Inc.Mobile risk assessment
US8683035Apr 18, 2011Mar 25, 2014Mcafee, Inc.Attributes of captured objects in a capture system
US8683220Sep 29, 2011Mar 25, 2014Mcafee, Inc.System and method for securing database activity
US8694738Oct 11, 2011Apr 8, 2014Mcafee, Inc.System and method for critical address space protection in a hypervisor environment
US8695027Jun 30, 2011Apr 8, 2014Mcafee, Inc.System and method for application security assessment
US8700561Dec 27, 2011Apr 15, 2014Mcafee, Inc.System and method for providing data protection workflows in a network environment
US8700767Feb 10, 2012Apr 15, 2014Mcafee, Inc.System and method for network vulnerability detection and reporting
US8701182Jul 25, 2012Apr 15, 2014Mcafee, Inc.Method and apparatus for process enforced configuration management
US8701196Mar 31, 2006Apr 15, 2014Mcafee, Inc.System, method and computer program product for obtaining a reputation associated with a file
US8706709Jan 15, 2009Apr 22, 2014Mcafee, Inc.System and method for intelligent term grouping
US8707008Mar 16, 2011Apr 22, 2014Mcafee, Inc.File system for a capture system
US8707422Jul 25, 2012Apr 22, 2014Mcafee, Inc.Method and apparatus for process enforced configuration management
US8707425Sep 7, 2007Apr 22, 2014Mcafee, Inc.System, method, and computer program product for preventing scanning of a copy of a message
US8707434Aug 17, 2011Apr 22, 2014Mcafee, Inc.System and method for indirect interface monitoring and plumb-lining
US8707446Jul 2, 2012Apr 22, 2014Mcafee, Inc.Enforcing alignment of approved changes and deployed changes in the software change life-cycle
US8713468Mar 29, 2012Apr 29, 2014Mcafee, Inc.System, method, and computer program product for determining whether an electronic mail message is compliant with an etiquette policy
US8713668Oct 17, 2011Apr 29, 2014Mcafee, Inc.System and method for redirected firewall discovery in a network environment
US8730955Feb 10, 2011May 20, 2014Mcafee, Inc.High speed packet capture
US8738708Sep 29, 2006May 27, 2014Mcafee, Inc.Bounce management in a trusted communication network
US8739189Jan 24, 2008May 27, 2014Mcafee, Inc.System, method, and computer program product for invoking an application program interface within an interception of another application program interface
US8739272Apr 2, 2012May 27, 2014Mcafee, Inc.System and method for interlocking a host and a gateway
US8750108Apr 29, 2012Jun 10, 2014Mcafee, Inc.System and method for controlling mobile device access to a network
US8756290Sep 26, 2012Jun 17, 2014Mcafee, Inc.System, method and computer program product for reconstructing data received by a computer in a manner that is independent of the computer
US8762386Jun 24, 2011Jun 24, 2014Mcafee, Inc.Method and apparatus for data capture and analysis system
US8762537Jun 4, 2012Jun 24, 2014Mcafee, Inc.Multi-dimensional reputation scoring
US8762928Nov 15, 2010Jun 24, 2014Mcafee, Inc.Method and system for containment of usage of language interfaces
US8763114Jan 24, 2007Jun 24, 2014Mcafee, Inc.Detecting image spam
US8763118Sep 28, 2012Jun 24, 2014Mcafee, Inc.Classification of software on networked systems
US8769258May 26, 2011Jul 1, 2014Intellectual Ventures I LlcComputer virus protection
US8769692Jul 14, 2011Jul 1, 2014Mcafee, Inc.System and method for detecting malware by transforming objects and analyzing different views of objects
US8776230Oct 2, 2001Jul 8, 2014Mcafee, Inc.Master security policy server
US8776252Sep 28, 2012Jul 8, 2014Mcafee, Inc.System, method, and computer program product for securing data on a server based on a heuristic analysis
US8782084Mar 31, 2009Jul 15, 2014Mcafee, Inc.System, method, and computer program product for conditionally allowing access to data on a device based on a location of the device
US8782260Sep 14, 2007Jul 15, 2014Mcafee, Inc.Network access control system and method using adaptive proxies
US8789140Dec 6, 2011Jul 22, 2014Preventsys, Inc.System and method for interfacing with heterogeneous network data gathering tools
US8789190Dec 23, 2011Jul 22, 2014Mcafee, Inc.System and method for scanning for computer vulnerabilities in a network environment
US8793326Oct 14, 2013Jul 29, 2014Mcafee, Inc.System, method and computer program product for reconstructing data received by a computer in a manner that is independent of the computer
US8793477Feb 12, 2008Jul 29, 2014Mcafee, Inc.Bootstrap OS protection and recovery
US8793763Dec 6, 2011Jul 29, 2014Preventsys, Inc.System and method for interfacing with heterogeneous network data gathering tools
US8793802May 22, 2007Jul 29, 2014Mcafee, Inc.System, method, and computer program product for preventing data leakage utilizing a map of data
US8799450Oct 14, 2008Aug 5, 2014Mcafee, Inc.Server-based system, method, and computer program product for scanning data on a client using only a subset of the data
US8800024Oct 17, 2011Aug 5, 2014Mcafee, Inc.System and method for host-initiated firewall discovery in a network environment
US8800046Apr 10, 2012Aug 5, 2014Mcafee, Inc.Unified scan engine
US8806615Nov 4, 2010Aug 12, 2014Mcafee, Inc.System and method for protecting specified data combinations
US8806645Apr 1, 2011Aug 12, 2014Mcafee, Inc.Identifying relationships between security metrics
US8819306Dec 28, 2012Aug 26, 2014Intel CorporationGeneral input/output architecture with PCI express protocol with credit-based flow control
US8819445Apr 9, 2012Aug 26, 2014Mcafee, Inc.Wireless token authentication
US8826154Mar 27, 2012Sep 2, 2014Mcafee, Inc.System, method, and computer program product for presenting an indicia of risk associated with search results within a graphical user interface
US8826155Aug 6, 2012Sep 2, 2014Mcafee, Inc.System, method, and computer program product for presenting an indicia of risk reflecting an analysis associated with search results within a graphical user interface
US8826378Dec 22, 2009Sep 2, 2014Intel CorporationTechniques for authenticated posture reporting and associated enforcement of network access
US8838714Mar 24, 2012Sep 16, 2014Mcafee, Inc.Unwanted e-mail filtering system including voting feedback
US8839349Dec 29, 2011Sep 16, 2014Mcafee, Inc.Integrating security policy and event management
US8839417Nov 17, 2004Sep 16, 2014Mcafee, Inc.Device, system and method for defending a computer network
US8843496Sep 3, 2013Sep 23, 2014Mcafee, Inc.System and method for clustering host inventories
US8849734Jun 29, 2010Sep 30, 2014Mcafee Inc.System, method, and computer program product for updating an algorithm
US8849993Mar 28, 2011Sep 30, 2014Intel CorporationMethod and apparatus for rate limiting
US8850029Feb 14, 2008Sep 30, 2014Mcafee, Inc.System, method, and computer program product for managing at least one aspect of a connection based on application behavior
US8850512Oct 13, 2011Sep 30, 2014Mcafee, Inc.Security assessment of virtual machine environments
US8850530Sep 28, 2012Sep 30, 2014Mcafee, Inc.Enterprise-wide security system for computer devices
US8850543Dec 23, 2012Sep 30, 2014Mcafee, Inc.Hardware-based device authentication
US8850591Jan 13, 2009Sep 30, 2014Mcafee, Inc.System and method for concept building
US8856931May 10, 2012Oct 7, 2014Mcafee, Inc.Network browser system, method, and computer program product for scanning data for unwanted content and associated unwanted sites
US8862752Apr 11, 2007Oct 14, 2014Mcafee, Inc.System, method, and computer program product for conditionally preventing the transfer of data based on a location thereof
US8863159Jul 11, 2006Oct 14, 2014Mcafee, Inc.System, method and computer program product for inserting an emulation layer in association with a COM server DLL
US8863282Oct 15, 2009Oct 14, 2014Mcafee Inc.Detecting and responding to malware using link files
US8869265Dec 21, 2012Oct 21, 2014Mcafee, Inc.System and method for enforcing security policies in a virtual environment
US8869271Feb 2, 2010Oct 21, 2014Mcafee, Inc.System and method for risk rating and detecting redirection activities
US8869272Aug 13, 2010Oct 21, 2014Mcafee, Inc.System, method, and computer program product for preventing a modification to a domain name system setting
US8874766Mar 9, 2012Oct 28, 2014Mcafee, Inc.System and method for flexible network access control policies in a network environment
US8881289Dec 22, 2011Nov 4, 2014Mcafee, Inc.User behavioral risk assessment
US8886630Dec 29, 2011Nov 11, 2014Mcafee, Inc.Collaborative searching
US8893285Mar 14, 2008Nov 18, 2014Mcafee, Inc.Securing data using integrated host-based data loss agent with encryption detection
US8918359May 16, 2013Dec 23, 2014Mcafee, Inc.System and method for data mining and security policy management
US8918864Jun 5, 2007Dec 23, 2014Mcafee, Inc.System, method, and computer program product for making a scan decision during communication of data over a network
US8918872Jun 27, 2008Dec 23, 2014Mcafee, Inc.System, method, and computer program product for reacting in response to a detection of an attempt to store a configuration file and an executable file on a removable device
US8924721Oct 6, 2009Dec 30, 2014Mcafee, Inc.Nonce generation
US8925101Jul 28, 2010Dec 30, 2014Mcafee, Inc.System and method for local protection against malicious software
US8930689Sep 28, 2011Jan 6, 2015Mcafee, Inc.Securing email conversations
US8931043Apr 10, 2012Jan 6, 2015Mcafee Inc.System and method for determining and using local reputations of users and hosts to protect information in a network environment
US8935384May 6, 2011Jan 13, 2015Mcafee Inc.Distributed data revocation using data commands
US8938800Jul 28, 2010Jan 20, 2015Mcafee, Inc.System and method for network level protection against malicious software
US8943158Dec 30, 2013Jan 27, 2015Mcafee, Inc.System, method and computer program product for performing an action based on an aspect of an electronic mail message thread
US8949976Mar 10, 2006Feb 3, 2015Mcafee Inc.Scanning computer files for specified content
US8949993Dec 28, 2011Feb 3, 2015Mcafee Inc.Mobile risk assessment
US8954573Apr 11, 2012Feb 10, 2015Mcafee Inc.Network address repository management
US8954578Jul 30, 2012Feb 10, 2015Mcafee Inc.System and method for heuristic determination of network protocols
US8955036Apr 11, 2012Feb 10, 2015Mcafee, Inc.System asset repository management
US8955075Dec 23, 2012Feb 10, 2015Mcafee IncHardware-based device authentication
US8955121Dec 5, 2013Feb 10, 2015Mcafee, Inc.System, method, and computer program product for dynamically adjusting a level of security applied to a system
US8966638Aug 23, 2013Feb 24, 2015Mcafee, Inc.System, method, and computer program product for selecting a wireless network based on security information
US8973144Oct 13, 2011Mar 3, 2015Mcafee, Inc.System and method for kernel rootkit protection in a hypervisor environment
US8973146Dec 27, 2012Mar 3, 2015Mcafee, Inc.Herd based scan avoidance system in a network environment
US8973147Dec 29, 2011Mar 3, 2015Mcafee, Inc.Geo-mapping system security events
US8997234Jul 27, 2011Mar 31, 2015Mcafee, Inc.System and method for network-based asset operational dependence scoring
US9002771Nov 27, 2012Apr 7, 2015Mcafee, Inc.System, method, and computer program product for applying a rule to associated events
US9009321Jun 4, 2012Apr 14, 2015Mcafee, Inc.Multi-dimensional reputation scoring
US9015472Mar 10, 2006Apr 21, 2015Mcafee, Inc.Marking electronic messages to indicate human origination
US9015793Dec 21, 2012Apr 21, 2015Mcafee, Inc.Hardware management interface
US9015829Oct 20, 2009Apr 21, 2015Mcafee, Inc.Preventing and responding to disabling of malware protection software
US9021595Jul 23, 2013Apr 28, 2015Mcafee, Inc.Asset risk analysis
US9026784Jan 26, 2012May 5, 2015Mcafee, Inc.System and method for innovative management of transport layer security session tickets in a network environment
US9027132Sep 30, 2013May 5, 2015Mcafee, Inc.System, method and computer program product for monitoring and/or analyzing at least one aspect of an invocation of an interface
US9032523Sep 16, 2013May 12, 2015Mcafee, Inc.Rollback feature
US9037668Nov 19, 2013May 19, 2015Mcafee, Inc.Electronic message manager system, method, and computer program product for scanning an electronic message for unwanted content and associated unwanted sites
US9043918Oct 13, 2011May 26, 2015Mcafee, Inc.System and method for profile based filtering of outgoing information in a mobile environment
US9049118Nov 11, 2013Jun 2, 2015Mcafee, Inc.Probe election in failover configuration
US9049207Apr 11, 2012Jun 2, 2015Mcafee, Inc.Asset detection system
US9049235Nov 21, 2012Jun 2, 2015Mcafee, Inc.Cloud email message scanning with local policy application in a network environment
US9055098Sep 12, 2007Jun 9, 2015Mcafee, Inc.Embedded anti-virus scanner for a network adapter
US9058486Dec 22, 2011Jun 16, 2015Mcafee, Inc.User behavioral risk assessment
US9059870 *Oct 5, 2012Jun 16, 2015Symantec CorporationTechniques for managing electronic message distribution
US9069586Oct 13, 2011Jun 30, 2015Mcafee, Inc.System and method for kernel rootkit protection in a hypervisor environment
US9075993Jan 24, 2011Jul 7, 2015Mcafee, Inc.System and method for selectively grouping and managing program files
US9077684Aug 6, 2008Jul 7, 2015Mcafee, Inc.System, method, and computer program product for determining whether an electronic mail message is compliant with an etiquette policy
US9092471Feb 14, 2014Jul 28, 2015Mcafee, Inc.Rule parser
US9092624Oct 1, 2012Jul 28, 2015Mcafee, Inc.System, method, and computer program product for conditionally performing a scan on data based on an associated data structure
US9094338Mar 21, 2014Jul 28, 2015Mcafee, Inc.Attributes of captured objects in a capture system
US9094434Aug 26, 2013Jul 28, 2015Mcafee, Inc.System and method for automated policy audit and remediation management
US9106478Sep 28, 2012Aug 11, 2015Mcafee, Inc.System, method and computer program product for scanning portions of data
US9106680Jun 27, 2011Aug 11, 2015Mcafee, Inc.System and method for protocol fingerprinting and reputation correlation
US9112830Feb 23, 2011Aug 18, 2015Mcafee, Inc.System and method for interlocking a host and a gateway
US9112896Mar 6, 2014Aug 18, 2015Mcafee, Inc.Mobile risk assessment
US9122877Mar 21, 2011Sep 1, 2015Mcafee, Inc.System and method for malware and network reputation correlation
US9131370Dec 29, 2011Sep 8, 2015Mcafee, Inc.Simplified mobile communication device
US9134998Apr 21, 2014Sep 15, 2015Mcafee, Inc.Enforcing alignment of approved changes and deployed changes in the software change life-cycle
US9135443May 6, 2010Sep 15, 2015Mcafee, Inc.Identifying malicious threads
US9141786Feb 11, 2015Sep 22, 2015Finjan, Inc.Malicious mobile code runtime monitoring system and methods
US9143519Mar 15, 2013Sep 22, 2015Mcafee, Inc.Remote malware remediation
US9152784Apr 18, 2012Oct 6, 2015Mcafee, Inc.Detection and prevention of installation of malicious mobile applications
US9160755Aug 17, 2006Oct 13, 2015Mcafee, Inc.Trusted communication network
US9166984Oct 9, 2012Oct 20, 2015Mcafee, Inc.System, method and computer program product for controlling network communications based on policy compliance
US9172715Oct 22, 2013Oct 27, 2015Mcafee, Inc.Stealth network attack monitoring
US9183386Sep 27, 2012Nov 10, 2015Mcafee, Inc.Windows registry modification verification
US9185093Dec 31, 2012Nov 10, 2015Mcafee, Inc.System and method for correlating network information with subscriber information in a mobile network environment
US9189621Feb 11, 2015Nov 17, 2015Finjan, Inc.Malicious mobile code runtime monitoring system and methods
US9195937Mar 30, 2012Nov 24, 2015Mcafee, Inc.System and method for intelligent state management
US9197660Mar 15, 2013Nov 24, 2015Mcafee, Inc.Generic privilege escalation prevention
US9210111Dec 25, 2012Dec 8, 2015Mcafee, Inc.Stopping and remediating outbound messaging abuse
US9210193Sep 24, 2014Dec 8, 2015Mcafee, Inc.System and method for flexible network access control policies in a network environment
US9213838Aug 24, 2012Dec 15, 2015Mcafee Ireland Holdings LimitedSystems and methods of processing data associated with detection and/or handling of malware
US9215197Mar 24, 2012Dec 15, 2015Mcafee, Inc.System, method, and computer program product for preventing image-related data loss
US9219755Jun 5, 2015Dec 22, 2015Finjan, Inc.Malicious mobile code runtime monitoring system and methods
US9223874Nov 10, 2014Dec 29, 2015Mcafee, Inc.Collaborative searching
US9231976Mar 15, 2013Jan 5, 2016Mcafee, Inc.Creating and managing a network security tag
US9237171Apr 8, 2014Jan 12, 2016Mcafee, Inc.System and method for indirect interface monitoring and plumb-lining
US9246860Oct 9, 2013Jan 26, 2016Mcafee, Inc.System, method and computer program product for gathering information relating to electronic content utilizing a DNS server
US9250928Dec 29, 2011Feb 2, 2016Mcafee, Inc.Cooperative mobile analytics
US9251351Oct 11, 2011Feb 2, 2016Mcafee, Inc.System and method for grouping computer vulnerabilities
US9253154Aug 12, 2008Feb 2, 2016Mcafee, Inc.Configuration management for a capture/registration system
US9262592Apr 9, 2012Feb 16, 2016Mcafee, Inc.Wireless storage device
US9262623Aug 22, 2012Feb 16, 2016Mcafee, Inc.Anonymous shipment brokering
US9262624Sep 16, 2011Feb 16, 2016Mcafee, Inc.Device-tailored whitelists
US9268933Aug 22, 2012Feb 23, 2016Mcafee, Inc.Privacy broker
US9270626 *Nov 17, 2014Feb 23, 2016Whatsapp Inc.System and method for detecting unwanted content
US9288222Jun 25, 2014Mar 15, 2016Mcafee, Inc.Bootstrap OS protection and recovery
US9294478Sep 29, 2014Mar 22, 2016Mcafee, Inc.Hardware-based device authentication
US9294505Oct 20, 2014Mar 22, 2016Mcafee, Inc.System, method, and computer program product for preventing a modification to a domain name system setting
US9298910Jun 8, 2011Mar 29, 2016Mcafee, Inc.System and method for virtual partition monitoring
US9306967Aug 30, 2013Apr 5, 2016Callahan Cellular L.L.C.Network appliance for vulnerability assessment auditing over multiple networks
US9311126Jul 27, 2011Apr 12, 2016Mcafee, Inc.System and method for virtual partition monitoring
US9311480Mar 15, 2013Apr 12, 2016Mcafee, Inc.Server-assisted anti-malware client
US9313232Dec 19, 2014Apr 12, 2016Mcafee, Inc.System and method for data mining and security policy management
US9323935Dec 18, 2012Apr 26, 2016Mcafee, Inc.User device security profile
US9326134Oct 18, 2013Apr 26, 2016Mcafee Inc.Data loss prevention for mobile computing devices
US9338657Oct 16, 2012May 10, 2016Mcafee, Inc.System and method for correlating security events with subscriber information in a mobile network environment
US9351163Dec 26, 2012May 24, 2016Mcafee, Inc.Automatic sanitization of data on a mobile device in a network environment
US9356909Apr 28, 2014May 31, 2016Mcafee, Inc.System and method for redirected firewall discovery in a network environment
US9356970Mar 2, 2015May 31, 2016Mcafee, Inc.Geo-mapping system security events
US9369415Jan 30, 2015Jun 14, 2016Mcafee, Inc.Marking electronic messages to indicate human origination
US9374225Sep 30, 2013Jun 21, 2016Mcafee, Inc.Document de-registration
US9374353Jul 26, 2013Jun 21, 2016Mcafee, Inc.Enabling dynamic authentication with different protocols on the same port for a switch
US9380072Oct 30, 2014Jun 28, 2016Mcafee, Inc.System, method, and computer program for preventing infections from spreading in a network environment using dynamic application of a firewall policy
US9384345Jan 26, 2006Jul 5, 2016Mcafee, Inc.Providing alternative web content based on website reputation assessment
US9391858Oct 6, 2009Jul 12, 2016Mcafee, Inc.Host information collection
US20050015622 *Feb 13, 2004Jan 20, 2005Williams John LeslieSystem and method for automated policy audit and remediation management
US20050132034 *Jun 8, 2004Jun 16, 2005Iglesia Erik D.L.Rule parser
US20050154900 *Jan 13, 2004Jul 14, 2005Networks Associates Technology, Inc.Detecting malicious computer program activity using external program calls with dynamic rule sets
US20060251068 *Jun 9, 2006Nov 9, 2006Ciphertrust, Inc.Systems and Methods for Identifying Potentially Malicious Messages
US20060253578 *Jan 26, 2006Nov 9, 2006Dixon Christopher JIndicating website reputations during user interactions
US20060253580 *Jan 26, 2006Nov 9, 2006Dixon Christopher JWebsite reputation product architecture
US20060253583 *Jan 26, 2006Nov 9, 2006Dixon Christopher JIndicating website reputations based on website handling of personal information
US20060253584 *Jan 26, 2006Nov 9, 2006Dixon Christopher JReputation of an entity associated with a content item
US20070107059 *Aug 17, 2006May 10, 2007Mxtn, Inc.Trusted Communication Network
US20070143824 *Dec 22, 2004Jun 21, 2007Majid ShahbaziSystem and method for enforcing a security policy on mobile devices using dynamically generated security profiles
US20070244974 *Sep 29, 2006Oct 18, 2007Mxtn, Inc.Bounce Management in a Trusted Communication Network
US20080060076 *Oct 23, 2007Mar 6, 2008Lockdown Networks, Inc.Network appliance for vulnerability assessment auditing over multiple networks
US20080109473 *Aug 10, 2007May 8, 2008Dixon Christopher JSystem, method, and computer program product for presenting an indicia of risk reflecting an analysis associated with search results within a graphical user interface
US20080126493 *Nov 29, 2006May 29, 2008Mcafee, IncScanner-driven email message decomposition
US20080147612 *Dec 19, 2006Jun 19, 2008Mcafee, Inc.Known files database for malware elimination
US20080184366 *Jan 25, 2008Jul 31, 2008Secure Computing CorporationReputation based message processing
US20090086252 *Oct 1, 2007Apr 2, 2009Mcafee, IncMethod and system for policy based monitoring and blocking of printing activities on local and network printers
US20090094250 *Oct 9, 2007Apr 9, 2009Greg DhuseEnsuring data integrity on a dispersed storage grid
US20090100519 *Oct 16, 2007Apr 16, 2009Mcafee, Inc.Installer detection and warning system and method
US20090119743 *Nov 7, 2007May 7, 2009Mcafee, Inc.Method and system for generic real time management of devices on computers connected to a network
US20090205045 *Feb 12, 2008Aug 13, 2009Mcafee, Inc.Bootstrap OS protection and recovery
US20090232300 *Mar 14, 2008Sep 17, 2009Mcafee, Inc.Securing data using integrated host-based data loss agent with encryption detection
US20100011410 *Jul 10, 2008Jan 14, 2010Weimin LiuSystem and method for data mining and security policy management
US20100042931 *Jul 13, 2009Feb 18, 2010Christopher John DixonIndicating website reputations during website manipulation of user information
US20100071032 *Mar 18, 2010David DurhamTechniques for Authenticated Posture Reporting and Associated Enforcement of Network Access
US20100107224 *Dec 22, 2009Apr 29, 2010David DurhamTechniques for authenticated posture reporting and associated enforcement of network access
US20100112983 *Nov 6, 2009May 6, 2010Trust DigitalSystem, method and device for mediating connections between policy source servers, corporate repositories, and mobile devices
US20100115581 *Nov 6, 2009May 6, 2010Trust DigitalSystem method and device for mediating connections between policy source servers, corporate respositories, and mobile devices
US20100115582 *Nov 6, 2009May 6, 2010Trust DigitalSystem, method, and device for mediating connections between policy source servers, corporate respositories, and mobile devices
US20100191732 *Jan 27, 2009Jul 29, 2010Rick LoweDatabase for a capture system
US20100333176 *Sep 10, 2010Dec 30, 2010Mcafee, Inc., A Delaware CorporationEnabling Dynamic Authentication With Different Protocols on the Same Port for a Switch
US20110055381 *Oct 6, 2009Mar 3, 2011Mcafee, Inc.Host information collection
US20110055382 *Mar 3, 2011Mcafee, Inc.Host entry synchronization
US20110055580 *Oct 6, 2009Mar 3, 2011Mcafee, Inc.Nonce generation
US20110055907 *Oct 6, 2009Mar 3, 2011Mcafee, Inc.Host state monitoring
US20110077948 *Mar 31, 2011McAfee, Inc. a Delaware CorporationMethod and system for containment of usage of language interfaces
US20110093694 *Oct 16, 2009Apr 21, 2011Mcafee, Inc.Pattern Recognition Using Transition Table Templates
US20110093842 *Dec 22, 2010Apr 21, 2011Mcafee, Inc., A Delaware CorporationSolidifying the executable software set of a computer
US20110093952 *Oct 15, 2009Apr 21, 2011Mcafee, Inc.Detecting and responding to malware using link files
US20110093953 *Apr 21, 2011Mcafee, Inc.Preventing and responding to disabling of malware protection software
US20110107424 *Nov 3, 2009May 5, 2011Mcafee, Inc.Rollback Feature
US20110113467 *May 12, 2011Sonali AgarwalSystem and method for preventing data loss using virtual machine wrapped applications
US20110131657 *Jun 2, 2011Mcafee, Inc.Hooking nonexported functions by the offset of the function
US20110138461 *Jun 9, 2011Mcafee, Inc., A Delaware CorporationExecution environment file inventory
US20110162049 *Jun 30, 2011Mcafee, Inc., A Delaware CorporationEnterprise-wide security system for computer devices
US20110167212 *Jul 7, 2011Mcafee, Inc., A Delaware CorporationFile system for a capture system
US20110173342 *Jul 14, 2011Mcafee, Inc.Method and apparatus for rate limiting
US20110173677 *Jul 14, 2011Mcafee, Inc., A Delaware CorporationDetecting malware carried by an e-mail message
US20110179491 *Jul 21, 2011Mcafee, Inc., A Delaware CorporationSystem, method and computer program product for context-driven behavioral heuristics
US20110191849 *Feb 2, 2010Aug 4, 2011Shankar JayaramanSystem and method for risk rating and detecting redirection activities
US20110197284 *Aug 11, 2011Mcafee, Inc., A Delaware CorporationAttributes of captured objects in a capture system
US20110208861 *Aug 25, 2011Mcafee, Inc.Object classification in a capture system
US20110225622 *Sep 15, 2011Derek Patton PearcySystem, method, and computer program product for displaying network events in terms of objects managed by a security appliance and/or a routing device
US20110225635 *Sep 15, 2011Rishi KumarNon-obtrusive security system for devices
US20110231669 *Sep 22, 2011Intellectual Ventures I LlcComputer Virus Protection
US20130191919 *Jan 19, 2012Jul 25, 2013Mcafee, Inc.Calculating quantitative asset risk
US20130246537 *Dec 10, 2009Sep 19, 2013Satish Kumar GaddalaSystem and method for monitoring social engineering in a computer network environment
USD691167Nov 25, 2012Oct 8, 2013Mcafee, Inc.Computer having graphical user interface
USD691168Nov 25, 2012Oct 8, 2013Mcafee, Inc.Computer having graphical user interface
USD692451Nov 25, 2012Oct 29, 2013Mcafee, Inc.Computer having graphical user interface
USD692452Nov 25, 2012Oct 29, 2013Mcafee, Inc.Computer having graphical user interface
USD692453Nov 25, 2012Oct 29, 2013Mcafee, Inc.Computer having graphical user interface
USD692454Nov 25, 2012Oct 29, 2013Mcafee, Inc.Computer having graphical user interface
USD692911Nov 25, 2012Nov 5, 2013Mcafee, Inc.Computer having graphical user interface
USD692912Nov 25, 2012Nov 5, 2013Mcafee, Inc.Computer having graphical user interface
USD693845Nov 26, 2012Nov 19, 2013Mcafee, Inc.Computer having graphical user interface
USD722613Jan 18, 2013Feb 17, 2015Mcafee Inc.Computer display screen with graphical user interface
WO2014163355A1 *Mar 31, 2014Oct 9, 2014Softcamp Co., LtdMethod and system for inspecting electronic documents
Classifications
U.S. Classification713/152, 713/151, 713/150
International ClassificationH04L12/58, G06F11/30, H04L29/06, H04L9/00, G06F21/00
Cooperative ClassificationH04L51/12, H04L12/585, G06F21/56, H04L63/1441, G06F21/567, H04L63/1416, H04L51/066, H04L12/5835, H04L63/145
European ClassificationG06F21/56D, G06F21/56, H04L51/12, H04L63/14D1, H04L12/58F
Legal Events
DateCodeEventDescription
Sep 28, 2007ASAssignment
Owner name: G.K. WEBB SERVICES LLC, DELAWARE
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:GATEKEEPER, LLC;REEL/FRAME:019892/0258
Effective date: 20070912
Oct 3, 2007ASAssignment
Owner name: GATEKEEPER LLC, VIRGINIA
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:INFOBAHN, INC.;REEL/FRAME:019912/0601
Effective date: 20070517
Owner name: INFOBAHN, INC., MARYLAND
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:STEWART, WALTER MASON;CARRERA, MARCELO;HOOK, ROBERT G.;REEL/FRAME:019912/0567
Effective date: 20001020
Dec 7, 2010ASAssignment
Effective date: 20101207
Owner name: INTELLECTUAL VENTURES I LLC, DELAWARE
Free format text: MERGER;ASSIGNOR:G.K. WEBB SERVICES LLC;REEL/FRAME:025467/0079
Aug 28, 2012FPAYFee payment
Year of fee payment: 4
Nov 27, 2012RRRequest for reexamination filed
Effective date: 20120912